Vote 2020 graphic
Everything you need to know about and expect during
the most important election of our lifetimes

Three Charged in the Single Worst Hack in Twitter's History [Updated]

Illustration for article titled Three Charged in the Single Worst Hack in Twitters History [Updated]
Photo: Leon Neal (Getty Images)

Earlier this month a number of Twitter accounts belonging to prominent, highly-followed individuals like Elon Musk, Joe Biden, Barack Obama, Bill Gates, and Jeff Bezos were compromised, seemingly to defraud strangers out of bitcoin. Unfettered access to potentially sensitive information contained therein generated speculation: Was the cryptocurrency gambit a front to cover up blackmail attempts or nation state-level hacking?

Advertisement

Nope: It was literally just kids who made (and has now presumably lost, or at least lost ready access to) around $180,000 in bitcoin for their troubles, authorities say.

Seventeen-year-old Graham Ivan Clark of Florida was brought into Hillsborough County Jail around 6:30 am local time today, according to WFLA. The Department of Justice later announced charges against two additional individuals: Mason Sheppard, 19, of the United Kingdom, and Nima Fazeli, 22, of Orlando, Florida.

Advertisement

Charges for Clark, which were filed State Attorney Andrew Warren, total 30 felonies, including communications fraud, fraudulent use of personal information, and unauthorized access to a computer or electronic device. He will be charged as an adult.

Sheppard was charged in federal court in California’s Northern District with aiding and abetting the intentional access of a protected computer, according to the DOJ. Fazeli, also charged in the Northern District, is charged with conspiracy to commit wire fraud, conspiracy to commit money laundering, and the intentional access of a protected computer.

An investigation into the hack—which, again, compromised a former president and a current presidential candidate and could not have used that access less ambitiously—required two weeks and help from the FBI, IRS, and Secret Service, among others, to complete. In total, the hack impacted around 130 accounts.

It’s believed the hackers responsible were able to gain access to an internal tool used by Twitter employees, which allowed the scammers to reset the email addresses associated with the affected accounts, thereby taking control of them. Twitter has already admitted that Direct Messages sent by and to these accounts were available to the hacker, as they are not encrypted, though it’s unknown if the hackers downloaded those non-public messages.

Advertisement

Update 4:40pm ET: Two additional individuals have been charged in the Twitter hack. We’ve updated the piece above with the additional information.

Senior reporter. Tech + labor /// bgmwrites@gmail.com Keybase: keybase.io/bryangm Securedrop: http://gmg7jl25ony5g7ws.onion/

Share This Story

Get our newsletter

DISCUSSION

While slightly off topic.. when things like this happen, the Feds are going to bring up the topic of encryption and the gov needing back doors..

This hack.. was less of a hack, and more of a kid getting lucky. Apparently we cannot trust Twitter to keep their tools secure (why in the world would they allow an administrative tool to operate outside of their management network at the least, an isolated security vlan would be a better location).

Now the feds want a tool to backdoor secure communications, and we are to trust the Feds and the companies in question to keep those tools secure... this is not the first, nor will it be the last where an internal tool was used by unauthorized users...

The bigger question.. is who else was using the tool... This kid was stupid, and tipped his hand, the smart ones lurk and and use the tools in such a way as to maintain access for an extended period without being detected....